[Serusers] SER and IC-RADIUS

Bruno Lopes F. Cabral bruno at openline.com.br
Sat Nov 20 00:30:03 CET 2004 

Hi there

Lucas Aimaretto wrote:
>>why would be a 2a auth for the same user? do you mean
>>you desire a new auth per call?
> 
> Well, suppouse the following ...
> 
> User "A" exists in radius' database, and he is only allowed to call
> users B,C,D and E. What about if user "A" wants to call user "F",
 > how do I control that ???

I read a couple of days ago (in this list) that one could
call an authorize during the INVITE step, but I didn't try
it, yet (still fighting with RADIUS Start acct packet)

> Another option is, yes!, to send everything (username,
> calling-station-id and called-station-id) in just one message, so as to
> check destination too in only the 1st auth ... But I do not see SER
> being sending the Called-Station-Id attribute in the auth process nor
> the calling-station-id (which is NULL). I just see the Username
> attribute. Look ...

that's because your auth is being sent during the REGISTER step,
not the INVITE step (REGISTER and INVITE are SIP terms
for authorizing the client on the server and to instantiate
a call to a SIP endpoing, just for clarification)

> radrecv: Access Request from host c0a801fd code=1, id=47, length=281
>     User-Name = "1992005 at 192.168.1.253"
>     Digest-Attributes = "\012\0111992005"
>     Digest-Attributes = "\001\017192.168.1.253"
>     Digest-Attributes = "\002*419e6d1044b039c6a5570602eb629a2b6b2cb881"
>     Digest-Attributes = "\004\033sip:1992001 at 192.168.1.253"
>     Digest-Attributes = "\003\010INVITE"
>     Digest-Response = "5844c35bc08dfe74b5481c959c13d65e"
>     Service-Type = Sip-Session
>     Sip-Uri-User = "1992005"
>     Cisco-AVPair =
> "call-id=3CBA2689-8049-4D01-AB08-1DE8EE7B20BE at 192.168.1.178"
>     NAS-IP-Address = 192.168.1.253
>     NAS-Port-Id = 5060
> SQL: Attempting to reserve socket
> SQL: Reserved socket 0
> Username is now 1992005
> Calling station Id is now (null)
>   CalledID==NULL
> credit_amount (18.90)
> Sending Access Ack of id 47 to c0a801fd (nas linux)
>     Credit-Amount =
> "V9:T102:L26:683332332d6372656469742d616d6f756e743d31382e3930"
> SQL: Socket 0 used for 0.70 seconds
> SQL: Released socket 0
> 
> Do you see ?

I got the picture but really don't know how to solve
that, yet -- that's on my TODO list, as soon as I discover
WHY I can't generate the Start RADIUS acct packets -
I put setflag(1) on every "if" inside my nathelper.cfg
example which I'm testing and still doesn't get these
packets on my RADIUS server :-(

> How can I (if possible) do that (to send also
> [Called/Calling]-Station-Id)?

sorry, haven't a clue, right now :^)

Cheers
!3runo

More information about the sr-users mailing list